Sep 30

Win32.worm.dpug

Technical Details Written using the C++ language File Size: 1.6 MB Overview Win32.worm.dpug is a worm that infects Windows PCs running Windows XP and above. Analysis Upon execution, it checks weather it’s installed or not by quering the value of it’s key (“HKCU\Software\Microsoft\Windows\CurrentVersion\Run\gtalkupdate”). If that fails, then it installs itself by copying it’s copy to …

Continue reading »

Permanent link to this article: http://security.insa.gov.et/?p=244

Jun 27

Worm.Win32.AutoIt.a

Technical details Written using the Autoit scripting language. File size of 208767 bytes. Packed by PECompact to decrease size.   Installation Makes copies of itself with the following names once launched: %System%\%randno%\%randno%.exe Creates the following files on an infected computer: %System%\mler.a3x %System%\cper.a3x %System%\dwlr.a3x %System%\clin\ax.log (is copied as autorun.inf on to drives) %Windir%\ss.bat Ensures autorun of …

Continue reading »

Permanent link to this article: http://security.insa.gov.et/?p=204